Introduction

As a developer, I spend a lot of time watching events in the Event Logs. The Event Logs provide quick tracing/debugging functionality for application developers, especially where applications run in non-graphical environments (like the BizTalk environment). Some people even use it to store objects in a serialized state. As such, it proves to be a huge source of information.

Background

Event Log entries are stored in the registry, together with it's associated log and application sources registered for that log. The Event Logs can be accessed through several classes found in the System.Diagnostics namespace in .NET. The main classes used are System.Diagnostics.EventLog and System.Diagnostics.EventLogEntry. They provide an easy to use, intuitive interface for read and write access to the Event Logs, either on the local machine, or a remote machine through WMI.

Using the code

Using it? Easy, run it. Auto-refresh is not supported at the moment (although the code is in there), because the DataGridView doesn't update (paint) correctly in this case when adding new items. Custom painting for the DataGrid might be needed to solve that issue.

Clicking on the information, warning, etc., buttons filters by event entry type. Searching can be toggled by the search buttons next to the search textbox.

The application creates event logs by registering a user supplied source in the new event log. Deletion of custom event logs is possible, but I wouldn't go about deleting every log you can find - some applications might depend on them..

The column sorting still needs some work. Microsoft's Event Log viewer has a "dual" sorting mode that it achieves by sorting the column requested and sorting the index fields on the entries in the same direction as the sorted column. Sorting by two columns on a DataGridView isn't possible, so if possible sort on the index column (the default sorting column) to ensure the right chronological order.

Points of Interestt

This program was born out of an interest in testing the new functionality of the DataGridView in .NET 2.0. It makes extensive use of the BindingSource class to provide sorting and filtering (job well done on this, Microsoft!).

Accessing multiple entries in the event log seems to be the slowest operation possible. Increasing performance in version 1.1 has been put in place by using a mixture between WMI and the standard EventLog classes. A WMI query is executed to retrieve only the relevant information for display (without the messages). The messages are displayed by doing a lazy load on the SelectionChanged event provided by the DataGridView.

History

17 August 2006: Version 1.0

17 August 2006: Version 1.1

Smoothy now uses a mixture between WMI and the standard EventLog classes to access entries.

07 October 2006: Version 1.2

WMI is now used to retrieve Event Log messages with a lazy load mechanism (instead of using the standard .NET classes).

Fixed bug: Assumption that the first Event Log entry has an index of 1 and that indexes are consecutive..

Added Color View Mode that colors the GridView rows to distinguish between Event Log Entries instead of using icons. This will hopefully speed up the interface on slower computers since a Custom Cell Paint event is not necessary anymore.

Added color configuration for the Color View Mode.

Added the option to specify a source name when creating an Event Log - only one distinct source name is allowed between all Event Logs.

Added progress bar (using BusyBar, search for it on CodeProject) to display progress of entries loaded from remote machines.